Securing Docker?
-
So I've done this with Keycloak but am curious about FusionAuth. I see how to set up FusionAuth with Docker (specifically Docker Compose), but I have found no mention of how to set up FusionAuth to provide authentication TO a Docker container running an insecure application. Does this exist? Keycloak does it with a bunch of extra stuff in the compose file.
Thanks!
-
If you want to use FusionAuth to secure access to an application (running in Docker or elsewhere) that doesn't have any security, you can use a proxy to do so.
The proxy sits in front of the application and all traffic should go through it. When it sees an unauthenticated user, it forwards that user to FusionAuth, where the user logs in and generates a token. Then the user is forwarded back to the proxy. The token is parsed by the proxy and if the token is valid the user gets access.
This can be done in concert with any proxy that supports JWTs and OIDC.
I've heard of this being done with HAProxy and Kong. Here's an HAProxy tutorial. Here's a Kong tutorial. Here are instructions on how to do this with ngrok cloud edge, which may be useful for the overall flow even if you don't use that software: https://fusionauth.io/docs/v1/tech/developer-guide/api-gateways/ngrok-cloud-edge
Hope that helps.
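The per-request decision the answer above describes for the proxy (validate the token, otherwise send the user to log in), as an added example that is not part of the original thread or FusionAuth's own code. It assumes an HS256-signed JWT sent as a bearer token; the hosts, client ID, secret and function names are constructed placeholders, and `/oauth2/authorize` is the authorization endpoint path.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlencode

# Constructed placeholders (assumptions), not values from the thread.
ISSUER = "https://auth.example.com"
CLIENT_ID = "demo-client-id"
SECRET = b"demo-hmac-secret"
CALLBACK = "https://app.example.com/callback"

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign(claims, secret=SECRET, alg="HS256"):
    """Build a sample token for testing; the identity provider issues real ones."""
    head = b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(mac)}"

def verify(token, now=None):
    """Return the claims if signature, issuer, audience and expiry all check out."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":  # pin the algorithm; rejects "none"
            return None
        want = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, b64d(sig)):      # constant-time comparison
            return None
        claims = json.loads(b64d(body))
        exp = claims.get("exp")
        ok = (claims.get("iss") == ISSUER and claims.get("aud") == CLIENT_ID
              and isinstance(exp, (int, float)) and exp > now)
    except (ValueError, AttributeError, TypeError):       # malformed token of any kind
        return None
    return claims if ok else None

def gate(headers, now=None):
    """Proxy decision: forward to the unsecured app, or redirect to the login page."""
    auth = headers.get("Authorization", "")
    claims = verify(auth[7:], now) if auth.startswith("Bearer ") else None
    if claims:
        return ("forward", {"X-Auth-User": claims.get("sub", "")})
    query = urlencode({"client_id": CLIENT_ID, "response_type": "code",
                       "redirect_uri": CALLBACK, "scope": "openid"})
    return ("redirect", f"{ISSUER}/oauth2/authorize?{query}")
```

The application container should only be reachable through the proxy (no published port of its own), and the proxy should drop any client-supplied `X-Auth-User` header before setting its own.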